Tips & Tricks - MonitorMagic
1. Block unwanted file-sharing applications
MonitorMagic is primarily used by network administrators
to monitor critical servers, applications, services,
and a multitude of other items. A feature of the
product that many system administrators are not taking
advantage of is the ability to monitor workstations
and take action on them. Windows NT4, Windows
2000 Professional, and Windows XP are all seen as
workstations by MonitorMagic. Every MonitorMagic
server license includes ten free workstation licenses
which can be put to good use.
All system administrators are aware of the P2P file
sharing revolution, as many are partaking in it themselves.
Programs like Morpheus and Kazaa give users unlimited
access to music, movies, and applications galore.
While using these P2P applications is great fun,
they present a serious threat to any networked environment.
Files that come from P2P applications should be viewed
with much scrutiny, as their integrity cannot be
trusted. Furthermore, the P2P applications themselves
represent major security holes, as it is possible
for an intruder to gain access to the system the P2P
application is running on. System administrators
cannot trust in the good judgment of end users to
not run these types of applications. This is where
MonitorMagic shines: it can be used to monitor for
P2P applications and terminate them if they're found
running.
This article focuses on four P2P applications in
particular: iMesh, Kazaa, Morpheus, and WinMX. A
monitor policy that watches for these applications
has been created and may be downloaded
here. If any of the aforementioned applications
is found running, the monitor creates an event log
entry and then terminates the application. Once the
monitor policy is in active use, system administrators
can refer to the event log for a running history of
the applications MonitorMagic terminated.
Let's load the monitor policy into MonitorMagic.
Select the "Policies" tab, select "Central monitor
policies" or "Local monitor policies", choose
"Policy"/"Import policies..." from the main menu,
navigate to the downloaded policy and select "OK."
The policy will appear in the list of central or
local policies, depending on which one was selected.
Expand the policy; it should appear as follows:

Out of the box this policy is ready for use; it
may be applied to any workstation or server. It is
not difficult to include another P2P application
in the monitor policy. As an example, we will add
a fictitious P2P application named mediaHOG to the
monitor policy. Begin by selecting the "iMesh" process
monitor. Right-click the "iMesh" process
monitor and choose "Copy." Select the "Stop
File Sharing Apps" monitor policy, right-click
it and choose "Paste." The monitor policy
now appears as follows:

Double-click the "iMesh1" process monitor;
the following dialog appears:

In the "Name" field, change "iMesh1" to
mediaHOG; this is for display purposes only. In the
"Monitored process(es)" window, select the
"iMeshClient" item and choose "Delete." Now it's
time to add the mediaHOG process. Select "Add"; the
following dialog appears:

Enter the name of the mediaHOG process in the unnamed
field, found in the bottom left-hand corner of the
dialog, then click "Add->", click "OK", and
click "OK" again. The monitor policy now appears
as follows:

In MonitorMagic's current version, 5.0 1195, adding
the mediaHOG monitor to a monitor policy that has
already been applied to machines will not automatically
create the mediaHOG monitor on those machines; the
policy must be reapplied to them.
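
The detect, log, then terminate behaviour that the policy applies to each watched process can be written as a single pass in PowerShell. This is an added example, not MonitorMagic code or part of the downloadable policy. It assumes Windows PowerShell 5.1 in an elevated session, and the event source name and event IDs are hypothetical. Only "iMeshClient" (the process name shown in the article) and the fictitious mediaHOG are listed.

```powershell
# Added example, not MonitorMagic code. Assumes Windows PowerShell 5.1, elevated.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Display name -> process name (without .exe). 'iMeshClient' is the process
    # named in the article; 'mediaHOG' is the article's fictitious application.
    # Add further applications here with the process names seen on your network.
    [hashtable]$Watch = @{ 'iMesh' = 'iMeshClient'; 'mediaHOG' = 'mediaHOG' },
    [string]$Source  = 'P2PProcessWatch',  # hypothetical event source name
    [int]$EventId    = 9001                # hypothetical event id
)

# Register the event source once so the Application log accepts the entries.
if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
    New-EventLog -LogName Application -Source $Source
}

foreach ($entry in $Watch.GetEnumerator()) {
    # No error if the process is absent: an empty result means nothing to do.
    $procs = Get-Process -Name $entry.Value -ErrorAction SilentlyContinue
    foreach ($p in $procs) {
        $target = "$($p.ProcessName) [PID $($p.Id)]"
        $msg = "$($entry.Key): $target found running on $env:COMPUTERNAME; terminating."
        if ($PSCmdlet.ShouldProcess($target, 'Log and terminate')) {
            # Log first, then terminate, in the order the article describes.
            Write-EventLog -LogName Application -Source $Source -EventId $EventId `
                           -EntryType Warning -Message $msg
            try {
                Stop-Process -Id $p.Id -Force -ErrorAction Stop
            } catch {
                # The process may already have exited or be protected; record it.
                Write-EventLog -LogName Application -Source $Source `
                               -EventId ($EventId + 1) -EntryType Error `
                               -Message "Could not stop ${target}: $_"
            }
        }
    }
}
```

Run the script with -WhatIf first to list what would be terminated without logging or stopping anything.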